Remove shorewall-shell support from /sbin/shorewall

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9482 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2009-02-22 16:54:19 +00:00
parent a3d0f8e222
commit 70b817fb4c
4 changed files with 61 additions and 192 deletions


@ -207,7 +207,7 @@ if [ -n "$PREFIX" ]; then
install -d $OWNERSHIP -m 755 ${PREFIX}${DEST} install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
fi fi
else else
[ -x /usr/share/shorewall-shell/compiler -o -x /usr/share/shorewall-perl/compiler.pl ] || \ [ -x /usr/share/shorewall-perl/compiler.pl ] || \
{ echo " ERROR: No Shorewall compiler is installed" >&2; exit 1; } { echo " ERROR: No Shorewall compiler is installed" >&2; exit 1; }
if [ -z "$CYGWIN" ]; then if [ -z "$CYGWIN" ]; then
if [ -d /etc/apt -a -e /usr/bin/dpkg ]; then if [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
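Review bot: The error text on the changed test still says `No Shorewall compiler is installed`, although the test now accepts only `/usr/share/shorewall-perl/compiler.pl`. A host that has only shorewall-shell installed will fail here with a message that does not say what is missing. Naming the package would help, for example `{ echo " ERROR: Shorewall-perl is not installed" >&2; exit 1; }`. The enclosing if/else starts and ends outside this hunk.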


@ -23,15 +23,10 @@
# #
# This library contains the code common to all Shorewall components. # This library contains the code common to all Shorewall components.
# #
# - It is copied into the compiled script with the -e compiler flag is specified to
# shorewall-shell.
# - It is loaded by /sbin/shorewall. # - It is loaded by /sbin/shorewall.
# - It is loaded by /usr/share/shorewall/firewall. # - It is loaded by /usr/share/shorewall/firewall.
# - It is loaded by /usr/share/shorewall-shell/compiler.
# - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite # - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
# and /usr/share/shorewall-lite/shorecap. # and /usr/share/shorewall-lite/shorecap.
# - It is released as part of Shorewall Perl where it is copied into the compiled script
# by the compiler.
# #
SHOREWALL_LIBVERSION=40000 SHOREWALL_LIBVERSION=40000
@ -40,7 +35,6 @@ SHOREWALL_CAPVERSION=40205
[ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${VARDIR:=/var/lib/shorewall}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc/shorewall}" ] [ -n "${CONFDIR:=/etc/shorewall}" ]
SHELLSHAREDIR=/usr/share/shorewall-shell
PERLSHAREDIR=/usr/share/shorewall-perl PERLSHAREDIR=/usr/share/shorewall-perl
# #
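Review bot: Removing `SHELLSHAREDIR=/usr/share/shorewall-shell` leaves any remaining reader of that variable with an empty value, so an expression like `${SHELLSHAREDIR}/compiler` would silently resolve to `/compiler`. This page shows the use in `compiler()` being removed, but the header comment lists other scripts that load this library (`/usr/share/shorewall/firewall`, `/sbin/shorewall-lite`, `shorecap`) and they are not shown here, so a search for leftover references is worth doing before release. The header also drops the Shorewall Perl bullet; if the Perl compiler still copies this library into compiled scripts, that line should stay.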


@ -696,13 +696,7 @@ dump_command() {
clear_term clear_term
echo "$PRODUCT $version Dump at $HOSTNAME - $(date)" echo "$PRODUCT $version Dump at $HOSTNAME - $(date)"
echo echo
if [ -f /usr/share/shorewall-shell/version ]; then if [ -f /usr/share/shorewall-perl/version ]; then
echo " Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
if [ -f /usr/share/shorewall-perl/version ]; then
echo " Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
fi
echo
elif [ -f /usr/share/shorewall-perl/version ]; then
echo " Shorewall-perl $(cat /usr/share/shorewall-perl/version)" echo " Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
echo echo
fi fi


@ -1,10 +1,10 @@
#!/bin/sh #!/bin/sh
# #
# Shorewall Packet Filtering Firewall Control Program - V4.2 # Shorewall Packet Filtering Firewall Control Program - V4.4
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008 - Tom Eastep (teastep@shorewall.net) # (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009 - Tom Eastep (teastep@shorewall.net)
# #
# This file should be placed in /sbin/shorewall. # This file should be placed in /sbin/shorewall.
# #
@ -212,6 +212,19 @@ get_config() {
esac esac
fi fi
case ${SHOREWALL_COMPILER:=perl} in
perl|Perl)
;;
shell|Shell)
echo " ERROR: SHOREWALL_COMPILER=shell is no longer supported"
exit 2
;;
*)
echo " ERROR: Invalid value ($SHOREWALL_COMPILER) for SHOREWALL_COMPILER"
exit 2
;;
esac
case ${TC_ENABLED:=Internal} in case ${TC_ENABLED:=Internal} in
No|NO|no) No|NO|no)
TC_ENABLED= TC_ENABLED=
@ -313,24 +326,14 @@ get_config() {
} }
# #
# Run the appropriate compiler # Run the compiler
# #
compiler() { compiler() {
local sc
sc=${SHELLSHAREDIR}/compiler
local pc
pc=${PERLSHAREDIR}/compiler.pl
startup_error() { startup_error() {
echo " ERROR: $@" >&2 echo " ERROR: $@" >&2
exit 1 exit 1
} }
local command
command=$1
shift
if [ $(id -u) -ne 0 ]; then if [ $(id -u) -ne 0 ]; then
if [ -z "$SHOREWALL_DIR" -o "$SHOREWALL_DIR" = /etc/shorewall ]; then if [ -z "$SHOREWALL_DIR" -o "$SHOREWALL_DIR" = /etc/shorewall ]; then
startup_error "Ordinary users may not compile the /etc/shorewall configuration" startup_error "Ordinary users may not compile the /etc/shorewall configuration"
@ -341,49 +344,6 @@ compiler() {
# #
ensure_config_path ensure_config_path
compiler=
haveparams=
if [ -n "$SHOREWALL_COMPILER" ]; then
compiler="$SHOREWALL_COMPILER" #Compiler specified in /etc/shorewall/shorewall.conf or on the run-line
elif [ -x $sc ]; then
if [ ! -x $pc ]; then
compiler=shell
fi
elif [ -x $pc ]; then
compiler=perl
else
fatal_error "No shorewall compiler installed"
fi
if [ -z "$compiler" ]; then
#
# Both compilers installed. Read the appropriate shorewall.conf to learn the setting of SHOREWALL_COMPILER
#
if [ -n "$SHOREWALL_DIR" ]; then
shell=$SHOREWALL_SHELL
[ -x $pc ] && set -a
run_user_exit params
set +a
haveparams=Yes
get_config No No No
SHOREWALL_SHELL=$shell
fi
#
# And initiate the appropriate compiler
#
if [ -n "$SHOREWALL_COMPILER" ]; then
compiler="$SHOREWALL_COMPILER"
elif [ -x $sc ]; then
compiler=shell
else
compiler=perl
fi
fi
case $COMMAND in case $COMMAND in
*start|try|refresh) *start|try|refresh)
;; ;;
@ -393,50 +353,33 @@ compiler() {
;; ;;
esac esac
[ $command = exec ] || command= debugflags="-w"
[ -n "$DEBUG" ] && debugflags='-wd'
case "$compiler" in [ -n "$PROFILE" ] && debugflags='-wd:DProf'
perl)
debugflags="-w"
[ -n "$DEBUG" ] && debugflags='-wd'
[ -n "$PROFILE" ] && debugflags='-wd:DProf'
# Perl compiler only takes the output file as a argument # Perl compiler only takes the output file as a argument
[ "$1" = debug -o "$1" = trace ] && shift; [ "$1" = debug -o "$1" = trace ] && shift;
[ "$1" = nolock ] && shift; [ "$1" = nolock ] && shift;
shift shift
options="--verbose=$VERBOSE" options="--verbose=$VERBOSE"
[ -n "$STARTUP_LOG" ] && options="$options --log=$STARTUP_LOG" [ -n "$STARTUP_LOG" ] && options="$options --log=$STARTUP_LOG"
[ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY"; [ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY";
[ -n "$EXPORT" ] && options="$options --export" [ -n "$EXPORT" ] && options="$options --export"
[ -n "$SHOREWALL_DIR" ] && options="$options --directory=$SHOREWALL_DIR" [ -n "$SHOREWALL_DIR" ] && options="$options --directory=$SHOREWALL_DIR"
[ -n "$TIMESTAMP" ] && options="$options --timestamp" [ -n "$TIMESTAMP" ] && options="$options --timestamp"
[ -n "$TEST" ] && options="$options --test" [ -n "$TEST" ] && options="$options --test"
[ "$debugging" = trace ] && options="$options --debug" [ "$debugging" = trace ] && options="$options --debug"
[ -n "$REFRESHCHAINS" ] && options="$options --refresh=$REFRESHCHAINS" [ -n "$REFRESHCHAINS" ] && options="$options --refresh=$REFRESHCHAINS"
[ -x $pc ] || startup_error "SHOREWALL_COMPILER=perl requires the shorewall-perl package which is not installed" #
# # Run the appropriate params file
# Run the appropriate params file #
# set -a;
if [ -z "$haveparams" ]; then run_user_exit params
set -a; set +a
run_user_exit params
set +a
fi
$command perl $debugflags $pc $options $@ perl $debugflags /usr/share/shorewall-perl/compiler.pl $options $@
;;
shell)
[ -x $sc ] || startup_error "SHOREWALL_COMPILER=shell requires the shorewall-shell package which is not installed"
[ -n "$REFRESHCHAINS" ] && startup_error "Shorewall-shell does not support refresh of specific chains"
$command $SHOREWALL_SHELL $sc $@
;;
*)
startup_error "Invalid value ($SHOREWALL_COMPILER) for SHOREWALL_COMPILER"
;;
esac
} }
# #
@ -452,7 +395,7 @@ start_command() {
progress_message3 "Compiling..." progress_message3 "Compiling..."
if compiler run $debugging $nolock compile ${VARDIR}/.start; then if compiler $debugging $nolock compile ${VARDIR}/.start; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
${VARDIR}/.start $debugging start ${VARDIR}/.start $debugging start
rc=$? rc=$?
@ -484,12 +427,6 @@ start_command() {
finished=1 finished=1
option= option=
;; ;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
option=
shift
;;
d*) d*)
DEBUG=Yes DEBUG=Yes
option=${option#d} option=${option#d}
@ -607,12 +544,6 @@ compile_command() {
PROFILE=Yes PROFILE=Yes
option=${option#p} option=${option#p}
;; ;;
C)
[ $# -gt 0 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$1
option=
shift
;;
t*) t*)
TEST=Yes TEST=Yes
option=${option#t} option=${option#t}
@ -668,7 +599,7 @@ compile_command() {
progress_message3 "Compiling..." progress_message3 "Compiling..."
compiler exec $debugging compile $file compiler $debugging compile $file
} }
# #
@ -702,12 +633,6 @@ check_command() {
DEBUG=Yes; DEBUG=Yes;
option=${option#d} option=${option#d}
;; ;;
C)
[ $# -gt 0 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
option=
shift
;;
*) *)
usage 1 usage 1
;; ;;
@ -747,7 +672,7 @@ check_command() {
progress_message3 "Checking..." progress_message3 "Checking..."
compiler exec $debugging $nolock check compiler $debugging $nolock check
} }
# #
@ -783,12 +708,6 @@ restart_command() {
NOROUTES=Yes NOROUTES=Yes
option=${option#n} option=${option#n}
;; ;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
option=
shift
;;
p*) p*)
[ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system" [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
PURGE=Yes PURGE=Yes
@ -838,7 +757,7 @@ restart_command() {
if [ -z "$FAST" ]; then if [ -z "$FAST" ]; then
progress_message3 "Compiling..." progress_message3 "Compiling..."
if compiler run $debugging $nolock compile ${VARDIR}/.restart; then if compiler $debugging $nolock compile ${VARDIR}/.restart; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
rc=$? rc=$?
@ -877,12 +796,6 @@ refresh_command() {
finished=1 finished=1
option= option=
;; ;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
option=
shift
;;
*) *)
usage 1 usage 1
;; ;;
@ -914,7 +827,7 @@ refresh_command() {
progress_message3 "Compiling..." progress_message3 "Compiling..."
if compiler run $debugging $nolock compile ${VARDIR}/.refresh; then if compiler $debugging $nolock compile ${VARDIR}/.refresh; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/.refresh $debugging refresh $SHOREWALL_SHELL ${VARDIR}/.refresh $debugging refresh
rc=$? rc=$?
@ -956,12 +869,6 @@ safe_commands() {
NOROUTES=Yes NOROUTES=Yes
option=${option#n} option=${option#n}
;; ;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
option=
shift
;;
*) *)
usage 1 usage 1
;; ;;
@ -1021,7 +928,7 @@ safe_commands() {
progress_message3 "Compiling..." progress_message3 "Compiling..."
if ! compiler run $debugging nolock compile ${VARDIR}/.$command; then if ! compiler $debugging nolock compile ${VARDIR}/.$command; then
status=$? status=$?
exit $status exit $status
fi fi
@ -1105,12 +1012,6 @@ try_command() {
NOROUTES=Yes NOROUTES=Yes
option=${option#n} option=${option#n}
;; ;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
option=
shift
;;
*) *)
usage 1 usage 1
;; ;;
@ -1164,7 +1065,7 @@ try_command() {
progress_message3 "Compiling..." progress_message3 "Compiling..."
if ! compiler run $debugging $nolock compile ${VARDIR}/.$command; then if ! compiler $debugging $nolock compile ${VARDIR}/.$command; then
status=$? status=$?
exit $status exit $status
fi fi
@ -1234,8 +1135,6 @@ reload_command() # $* = original arguments less the command.
getcaps= getcaps=
local root local root
root=root root=root
local compiler
compiler=
LITEDIR=/var/lib/shorewall-lite LITEDIR=/var/lib/shorewall-lite
@ -1265,12 +1164,6 @@ reload_command() # $* = original arguments less the command.
option= option=
shift shift
;; ;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
compiler="-C $2"
option=
shift
;;
*) *)
usage 1 usage 1
;; ;;
@ -1325,7 +1218,7 @@ reload_command() # $* = original arguments less the command.
[ -n "$TIMESTAMP" ] && timestamp='-t' || timestamp= [ -n "$TIMESTAMP" ] && timestamp='-t' || timestamp=
if shorewall $debugging $verbose $timestamp compile -e $compiler $directory $directory/firewall && \ if shorewall $debugging $verbose $timestamp compile -e $directory $directory/firewall && \
progress_message3 "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \ progress_message3 "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \
rcp_command "$directory/firewall $directory/firewall.conf" ${LITEDIR} rcp_command "$directory/firewall $directory/firewall.conf" ${LITEDIR}
then then
@ -1362,8 +1255,6 @@ export_command() # $* = original arguments less the command.
finished=0 finished=0
local directory local directory
local target local target
local compiler
compiler=
while [ $finished -eq 0 -a $# -gt 0 ]; do while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1 option=$1
@ -1377,12 +1268,6 @@ export_command() # $* = original arguments less the command.
finished=1 finished=1
option= option=
;; ;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
compiler="-C $2"
option=
shift
;;
*) *)
fatal_error "Unrecognized option \"$option\"" fatal_error "Unrecognized option \"$option\""
;; ;;
@ -1420,7 +1305,7 @@ export_command() # $* = original arguments less the command.
file=$(resolve_file $directory/firewall) file=$(resolve_file $directory/firewall)
if shorewall $debugging $verbose compile -e $compiler $directory $directory/firewall && \ if shorewall $debugging $verbose compile -e $directory $directory/firewall && \
echo "Copying $file and ${file}.conf to ${target#*@}..." && \ echo "Copying $file and ${file}.conf to ${target#*@}..." && \
scp $directory/firewall $directory/firewall.conf $target scp $directory/firewall $directory/firewall.conf $target
then then
@ -1441,38 +1326,38 @@ usage() # $1 = exit status
echo "where <command> is one of:" echo "where <command> is one of:"
echo " add <interface>[:<host-list>] ... <zone>" echo " add <interface>[:<host-list>] ... <zone>"
echo " allow <address> ..." echo " allow <address> ..."
echo " check [ -e ] [ -C {shell|perl} ] [ <directory> ]" echo " check [ -e ] [ <directory> ]"
echo " clear [ -f ]" echo " clear [ -f ]"
echo " compile [ -e ] [ -C {shell|perl} ] [ <directory name> ] <path name>" echo " compile [ -e ] [ <directory name> ] <path name>"
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " export [ -C {shell|perl} ] [ <directory1> ] [<user>@]<system>[:<directory2>]" echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help" echo " help"
echo " hits [ -t ]" echo " hits [ -t ]"
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }" echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
echo " ipdecimal { <address> | <integer> }" echo " ipdecimal { <address> | <integer> }"
echo " iprange <address>-<address>" echo " iprange <address>-<address>"
echo " load [ -s ] [ -c ] [ -r <root user> ] [ -C {shell|perl} ] [ <directory> ] <system>" echo " load [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
echo " logdrop <address> ..." echo " logdrop <address> ..."
echo " logreject <address> ..." echo " logreject <address> ..."
echo " logwatch [<refresh interval>]" echo " logwatch [<refresh interval>]"
echo " refresh [ -C {shell|perl} ] [ <chain>... ]" echo " refresh [ <chain>... ]"
echo " reject <address> ..." echo " reject <address> ..."
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ -C {shell|perl} ] [ <directory> ] <system>" echo " reload [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
echo " reset [ <chain> ... ]" echo " reset [ <chain> ... ]"
echo " restart [ -n ] [ -p ] [ -f ] [ -C {shell|perl} ] [ <directory> ]" echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|raw|routing|tc|vardir|zones} ]" echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|raw|routing|tc|vardir|zones} ]"
echo " start [ -f ] [ -n ] [ -p ] [ -C {shell|perl} ] [ <directory> ]" echo " start [ -f ] [ -n ] [ -p ] [ <directory> ]"
echo " stop [ -f ]" echo " stop [ -f ]"
echo " status" echo " status"
echo " try [ -C {shell|perl} ] <directory> [ <timeout> ]" echo " try <directory> [ <timeout> ]"
echo " version [ -a ]" echo " version [ -a ]"
echo " safe-start [ -C {shell|perl} ] [ <directory> ]" echo " safe-start [ <directory> ]"
echo " safe-restart [ -C {shell|perl} ] [ <directory> ]" echo " safe-restart [ <directory> ]"
echo echo
exit $1 exit $1
} }
@ -1640,10 +1525,6 @@ version_command() {
echo $version echo $version
if [ -n "$all" ]; then if [ -n "$all" ]; then
if [ -f /usr/share/shorewall-shell/version ]; then
echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
fi
if [ -f /usr/share/shorewall-perl/version ]; then if [ -f /usr/share/shorewall-perl/version ]; then
echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)" echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
fi fi
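Review bot: In `compiler()` the `[ -x $pc ] || startup_error …` guard is removed along with the shell branch and no replacement is visible in the hunk. A host without shorewall-perl would therefore only fail inside perl, after `run_user_exit params` has already been sourced, instead of stopping early with a Shorewall error. Keeping a check ahead of the params step, e.g. `[ -x ${PERLSHAREDIR}/compiler.pl ] || startup_error "The shorewall-perl package is not installed"`, and invoking `perl $debugflags ${PERLSHAREDIR}/compiler.pl $options "$@"` would reuse the `PERLSHAREDIR` that lib.base still defines rather than a second hard-coded path. Separately, the new `SHOREWALL_COMPILER` case in `get_config()` writes its two ERROR lines to stdout; appending `>&2` would match what `startup_error` does. Both functions extend beyond the hunks shown.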